[Zope3-dev] Re: Security-geddon

[Jim Fulton]

Sidnei da Silva wrote:
> Hi, 
> 
> I would like to know a rough estimate about when the security-geddon
> is bound to happen.

Probabky within the next 2 months.

> I've been playing a bit with the security
> machinery today, basically trying to disable all of it to see how fast
> Zope could fly and noticed that disabling proxies and checkers is
> relatively hard,

There is no intention to get rid of these.  I do plan to optimize them
quite a bit and I think I can make them go much faster.

 > although plugging a new security policy is almost
> trivial.

The main changes planned are to:

- Factor all of the security-policy related code into separate packages
   (in zope.products).

- Create a new ZSP implementation that uses a centralized storage
   for grants.  I think that this will speed up checks quite a bit.

Jim


-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org